Hackers Could Sink a Bulk Carrier
Penetration testing experts Pen Test Partners, have highlighted how hackers could sink a bulk carrier by manipulating the loading data of its hull stress monitoring systems (HSMS) to deliberately cause an imbalance of cargo on the vessel without the crew being aware.
The consequences could be catastrophic with the vessel being put under intense strain leading to it breaking up and sinking.
“The reason it is feasible is that when HSMS were first developed, there was no concept of a vessel being connected to the internet, allowing it to be accessed remotely. Therefore, many HSMS are just PCs connected to the ships’ network,” said senior partner, Ken Munro.
A hacker could interrupt the loading data being fed to and from the monitoring system, having previously compromised the network either via the satcom unit or a phishing e-mail.
“Once in control, hackers can manipulate the loading of cargo and turn off any stress monitoring alarms that would alert crew to any undue strain on the vessel,” said Munro.
Last month, the company warned that container ship stowage plans can be hacked. The issue stems from the absence of security in a messaging system used to create ship loading and container stowage plans from the electronic messages exchanged between shipping lines, port authorities, terminals and ships. Instead of taking 24 to 48 hours to load and unload, it could take weeks to manually re-inventory the ship.
“Even more sinister is the threat to the ship itself. Load planning software is used to place heavier containers towards the bottom of container stacks and to prevent a stack from being overweight. This keeps the center of gravity low and maintains stability,” said a spokesman for the company.
“How about if a hacker manipulated the load plan to deliberately put a ship out of balance? Disguise the data, so that the loading cranes unintentionally put the heavy containers at the top and on one side? Whilst some balancing actions are automatic, the transfer pumps may not be able to cope with a rapidly advancing, unanticipated out of balance situation. It really wouldn’t take much. You jeopardize lives and potentially block a tight shipping lane in to port with a shipwreck.”
The company warns of using USB sticks to transfer data between terminal and ship. There is a chance that the computer with the load plan software is also used for email or web browsing, opening the potential for malware.